<?php

uses('sanitize');

class PostsController extends AppController {

	var $name = 'Posts';
	var $helpers = array('Html', 'Form', 'ajax' );
	var $components = array('Acl', 'Security', 'RequestHandler', 'Image');
	
	function beforeFilter()
	{
		$this->Security->requirePost('comment_list');
		//$this->Security->requireAuth('order');
		$this->Security->blackHoleCallback = 'invalid';
	}

	function invalid()
	{
		header ('HTTP/x 400 Bad Request');
		echo('<h1>Upward : erreur 400</h1>');
		echo('<p>Un probleme est servenue, merci de renvoyer le formulaire une nouvelle fois.</p>');
		die;
	}

//Image upload:
function upload(){
	if(strlen($this->data['Image']['name1']['name']) > 4){
		$error = 0;
		$uploaddir1 = 'data/img/full';
		$uploaddir2 = 'data/img/thumbnails';
		$filetype = $this->Post->getFileExtension($this->data['Image']['name1']['name']);
		$filetype = strtolower($filetype);
		
		if(($filetype != 'jpeg') && ($filetype != 'jpg')){
			$error = 1;
		}else{
			$imgsize = GetImageSize($this->data['Image']['name1']['tmp_name']);
		}
		
		if(($imgsize[0] > 800) || ($imgsize[1] > 600)){
			unlink($this->data['Image']['name1']['name']);
			$error = 1;
		}
		
		if($error == 0){
			$stamp = strtotime('now');
			$orderid = $stamp;
			$orderid = str_replace('.', '', $orderid);
			$id_unic = $orderid;
			$temp = $id_unic;
			settype($temp, 'string');
			$temp .= '.'.$filetype;
			$newfile = $uploaddir1.'/'.$temp;
			if(is_uploaded_file($this->data['Image']['name1']['tmp_name'])){
				if(!copy($this->data['Image']['name1']['tmp_name'], $newfile)){
					print 'Error at uploading';
					exit();
				}
			}
			$newfile2 = $uploaddir2.'/'.$temp;
			
			$picture_location=$newfile;
			$size = 110;
			$img_des = $this->Post->resize_img($picture_location, $size);
			imagejpeg($img_des, $newfile2, 80);
			
		}
	}else{
		die('error');
	}
	
}

//guest
	function index() {
		$this->Post->recursive = 0;
		$this->set('posts', $this->Post->findAll(null, null, 'Post.created DESC'));
	}

	function view($id = null) {
		if(!$id) {
			$this->Session->setFlash('Invalid id for Post.');
			$this->redirect('/post/index');
		}
		$post = $this->Post->read(null, $id);
		$this->set('post', $post);
	}
	
	//ajax - in comments/ajaxadd
	function comment_list($id = null){
		if(!$id) {
			$this->Session->setFlash('Invalid id for Post.');
			$this->redirect('/post/index');
		}
		$this->set('post', $this->Post->read(null, $id));
		$this->render('comment_list', 'ajax');
	}
//dealers
	function add() {
		if(!$this->Acl->check($this->Session->read('user'), '/posts', 'create')){
			$this->Session->setFlash('Action non autorisée');
			$this->redirect('/posts/index');
		}elseif(empty($this->data)) {
			$this->render();
		} else {
			$san = new Sanitize();
			$this->data['Post']['title'] = $san->paranoid($this->data['Post']['title'], array(' ', '.', '+', '-', ':', '*', '$', '^', '_', '[', ']', '(', ')'));
			$this->data['Post']['slug'] = $san->paranoid($this->data['Post']['slug'], array('-'));
			$this->data['Post']['content'] = $san->sql($this->data['Post']['content']);
			$this->data['Post']['user_id'] = $this->Session->read('id');
			//cat_id
					
			$this->cleanUpFields();
			if($this->Post->save($this->data)) {
				//ACL
				$aco = new Aco();
				$aco->create(0,0, 'post-'.$this->Post->id);
				$this->Acl->allow('dealers', 'post-'.$this->Post->id);
				$this->Acl->allow('admins', 'post-'.$this->Post->id);
				
				$this->Session->setFlash('The Post has been saved');
				$this->redirect('/posts/index');
			} else {
				$this->Session->setFlash('Please correct errors below.');
			}
		}
	}

	function edit($id = null) {
		if(!$id) {
			$this->Session->setFlash('Invalid id for Post');
			$this->redirect('/posts/index');
		}
		if(!$this->Acl->check($this->Session->read('user'), 'post-'.$id, 'update')){
			$this->Session->setFlash('Action non autorisée');
			$this->redirect('/posts/index');
		}elseif(empty($this->data)) {
			$this->data = $this->Post->read(null, $id);
			$this->set('users', $this->Post->User->generateList(null, 'username ASC', null, '{n}.User.id', '{n}.User.username'));
		} else {
			$san = new Sanitize();
			$this->data['Post']['title'] = $san->paranoid($this->data['Post']['title'], array(' ', '.', '+', '-', ':', '*', '$', '^', '_', '[', ']', '(', ')'));
			$this->data['Post']['slug'] = $san->paranoid($this->data['Post']['slug'], array('-'));
			$this->data['Post']['content'] = $san->sql($this->data['Post']['content']);
			
			$this->cleanUpFields();
			if($this->Post->save($this->data)) {
				$this->Session->setFlash('The Post has been saved');
				$this->redirect('/posts/index');
			} else {
				$this->Session->setFlash('Please correct errors below.');
				$this->set('users', $this->Post->User->generateList(null, 'username ASC', null, '{n}.User.id', '{n}.User.username'));
			}
		}
	}

	function delete($id = null) {
		if(!$id) {
			$this->Session->setFlash('Invalid id for Post');
			$this->redirect('/posts/index');
		}
		if(!$this->Acl->check($this->Session->read('user'), 'post-'.$id, 'delete')){
			$this->Session->setFlash('Action non autorisée');
			$this->redirect('/posts/index');
		}elseif($this->Post->del($id)) {
			$this->Session->setFlash('The Post deleted: id '.$id.'');
			$this->redirect('/posts/index');
		}
	}

}

?>